1. Technical Field
The present invention is directed to network computing. More specifically, the present invention is directed to a method, system and apparatus for double-checking DNS provided IP addresses.
2. Description of Related Art
Domain Name System or Service (DNS) is an Internet service that translates domain names into Internet Protocol (IP) addresses. IP addresses, which (for IPv4) are written as four decimal numbers separated by periods (e.g., 198.105.232.4), are what is actually used when communicating with computer systems on the Internet. However, since it is easier to remember names than numbers, users are allowed to refer to computer systems by name (e.g., www.ibm.com) when communicating with them. The names are then translated into their corresponding IP addresses.
When a process needs to determine the IP address for a DNS name, it calls upon the resolver on the local host to map the DNS name to an IP address. Specifically, UNIX hosts have a file (e.g., /etc/resolv.conf) that lists the DNS servers that can be contacted to map DNS names to IP addresses. If more than one server on the list has to be contacted, they are contacted in list order. For example, one DNS server in the list is usually designated as the default server to contact when a DNS service is needed, so that DNS server is contacted first. However, if communication between the client and that DNS server fails (no reply is received within the configured timeout), another DNS server in the list, designated as a secondary server, is contacted, and so on.
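As an added illustration of the lookup order just described (example code written for this page, not part of the described invention), the following parses a constructed /etc/resolv.conf and contacts the listed servers in order, moving to the next one only when the current one gives no reply. The resolv.conf text, the addresses and the `query` hook are constructed for the example.

```python
"""Added example (not part of the described invention): parse a UNIX
/etc/resolv.conf and contact the listed servers in order, moving to the
next one only when the current one does not answer.

The resolv.conf text and the server behaviour are constructed for this page.
"""
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample of /etc/resolv.conf. The first 'nameserver' line is the
# default (primary) server; the following lines are the secondaries.
SAMPLE_RESOLV_CONF = """\
# constructed example, not a real host's file
search corp.example
nameserver 192.0.2.53
nameserver 192.0.2.54
nameserver 203.0.113.53
options timeout:2 attempts:1
"""


def parse_resolv_conf(text: str) -> Dict[str, object]:
    """Return the ordered nameserver list, search list and options.

    Comments ('#' or ';') and unknown keywords are ignored, as the stub
    resolver ignores lines it does not understand.
    """
    nameservers: List[str] = []
    search: List[str] = []
    options: Dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *rest = line.split()
        if key == "nameserver" and rest:
            nameservers.append(rest[0])
        elif key == "search":
            search = rest
        elif key == "options":
            for opt in rest:
                name, _, value = opt.partition(":")
                options[name] = int(value) if value.isdigit() else 1
    return {"nameservers": nameservers, "search": search, "options": options}


class ServerUnreachable(Exception):
    """Raised by the query function when a server gives no reply."""


def resolve_in_order(name: str, nameservers: List[str],
                     query: Callable[[str, str], str]
                     ) -> Tuple[Optional[str], List[str]]:
    """Try each server in list order; return (answer, servers_tried).

    `query(server, name)` is an assumed hook that returns an IP string or
    raises ServerUnreachable. Only a *failure to answer* moves the client to
    the next server: whatever address the first responding server returns is
    accepted as-is, so a forged reply from (or on the path to) the primary
    server is never compared against the secondaries.
    """
    tried: List[str] = []
    for server in nameservers:
        tried.append(server)
        try:
            return query(server, name), tried
        except ServerUnreachable:
            continue
    return None, tried


def make_fake_query(down: set, table: Dict[str, str]) -> Callable[[str, str], str]:
    """Constructed stand-in for a real DNS query: servers in `down` never reply."""
    def query(server: str, name: str) -> str:
        if server in down:
            raise ServerUnreachable(server)
        return table[name]
    return query


def demo() -> Tuple[Optional[str], List[str]]:
    """Primary is down, so the secondary answers; the third server is never contacted."""
    conf = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    query = make_fake_query({"192.0.2.53"}, {"www.example.com": "198.51.100.10"})
    return resolve_in_order("www.example.com", conf["nameservers"], query)


if __name__ == "__main__":
    print(demo())
```

Two practical caveats: the glibc stub resolver honours at most three `nameserver` entries, so a longer list does not add fallback servers; and, as the docstring notes, the fallback only helps against a server that is down. A server (or an interposed party) that answers promptly with a wrong address is believed without any further check, which is the situation the rest of this section is concerned with.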
Each DNS server has a table that cross-references computer system names with their IP addresses. If the name being looked up is not in the table of the DNS server contacted, that DNS server contacts another DNS server to see whether it can map the name to its IP address. This process continues until a DNS server is able to provide the IP address associated with the DNS name in question. The IP address is then passed back down to the requesting client in the reverse of the order in which the request was passed up: each DNS server that was involved in passing the request up the chain is involved in passing the answer down to the requesting client, and each caches the answer it receives for future reference. The process of one DNS server asking another DNS server to map a DNS name to its IP address on the client's behalf is called recursive resolution.
Attackers have been known to intercept DNS requests passing between two DNS servers and to return IP addresses of their choosing in response. When this occurs, all communications between the client that requested the DNS service and the computer system for which the DNS service was requested are effectively routed to the attacker's chosen computer system, and, because the forged answer is cached along the chain, the misdirection persists for subsequent clients until the cached entry expires.
This scheme can be used to compromise secure transactions between customers and financial institutions or commercial enterprises. For example, a customer who believes that he or she is in a financial transaction with a bank may unwittingly provide all of the information an unauthorized party needs to access the customer's bank account or credit card account. Further, an unscrupulous enterprise could redirect Internet traffic destined for a competitor's Web site to its own Web site. Indeed, a whole host of deceptive activities may ensue from this scheme.
Thus, what is needed is a system, apparatus and method of notifying a user when there is a possibility that the user may be communicating with other than an intended computer system.
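To make the recursion, caching and interception described above concrete, and to show one form the check called for here could take, the following is an added example written for this page (it is not the patent's method, and the server names, addresses and the `double_check` heuristic are assumptions). It models a chain of recursive servers that cache what they relay, an attacker forging the reply on the link between two of them, and a client-side cross-check that warns when independently reached resolvers disagree.

```python
"""Added example (illustrative code written for this page, not the patent's
method): a toy chain of recursive DNS servers that cache what they relay, an
attacker forging the reply on the link between two of them, and a client-side
cross-check that warns when independent resolvers disagree.

Server names, addresses and the cross-check heuristic are assumptions.
"""
from typing import Dict, List, Optional


class Resolver:
    """One DNS server: a table of names it knows, a cache, and an optional upstream."""

    def __init__(self, name: str, table: Dict[str, str],
                 upstream: "Optional[Resolver]" = None) -> None:
        self.name = name
        self.table = dict(table)
        self.cache: Dict[str, str] = {}
        self.upstream = upstream
        # Attacker on the link to the upstream: queried name -> forged address.
        self.tampered_link: Dict[str, str] = {}

    def resolve(self, qname: str, trace: Optional[List[str]] = None) -> Optional[str]:
        """Recursive resolution: own table, else cache, else ask upstream and cache the reply."""
        if trace is not None:
            trace.append(self.name)
        if qname in self.table:
            return self.table[qname]
        if qname in self.cache:
            return self.cache[qname]
        if self.upstream is None:
            return None
        answer = self.upstream.resolve(qname, trace)
        if qname in self.tampered_link:
            # The forged reply is what this server receives; the genuine reply
            # is lost (in a real spoofing race it arrives late and is dropped).
            answer = self.tampered_link[qname]
        if answer is not None:
            self.cache[qname] = answer  # a forged answer is cached like any other
        return answer


def double_check(qname: str, resolvers: List[Resolver]) -> Dict[str, object]:
    """Ask independently reached resolvers and flag any disagreement.

    Assumed heuristic: consistent answers are taken at face value; differing
    answers are reported so the user can be warned before connecting.
    """
    answers = {r.name: r.resolve(qname) for r in resolvers}
    candidates = sorted({a for a in answers.values() if a is not None})
    return {"answers": answers, "consistent": len(candidates) == 1,
            "candidates": candidates}


def run_scenario() -> Dict[str, object]:
    """Constructed scenario: two resolver chains to one authoritative server,
    with an attacker on the local-a <-> isp-a link."""
    auth = Resolver("authoritative", {"www.bank.example": "198.51.100.10"})
    isp_a = Resolver("isp-a", {}, upstream=auth)
    local_a = Resolver("local-a", {}, upstream=isp_a)
    isp_b = Resolver("isp-b", {}, upstream=auth)
    local_b = Resolver("local-b", {}, upstream=isp_b)

    local_a.tampered_link["www.bank.example"] = "203.0.113.66"

    trace1: List[str] = []
    first = local_a.resolve("www.bank.example", trace1)   # forged, then cached
    local_a.tampered_link.clear()                         # attacker leaves
    trace2: List[str] = []
    second = local_a.resolve("www.bank.example", trace2)  # still forged: cache hit
    check = double_check("www.bank.example", [local_a, local_b])
    return {"first": first, "trace1": trace1, "second": second,
            "trace2": trace2, "check": check}


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The scenario shows two things the text describes: the first query travels the whole chain and comes back forged, and the second query never leaves the local server because the forged answer is now in its cache. A cross-check of this kind can only report that the resolvers disagree; it cannot say which answer is genuine, and it gives no warning when every resolver consulted shares the poisoned path. The standard cryptographic countermeasure today, signed DNS data (DNSSEC), is not modelled here.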